New Attack Breaks Confidentiality Model of SSL, Allows Theft of Encrypted Cookies | thr... - 0 views
-
-
anonymous on 29 Apr 12It's worth noting that to execute this attack you have to be on the network of your target and have the ability to execute a man in the middle attack.
-
-
Two researchers have developed a new attack on TLS 1.0/SSL 3.0 that enables them to decrypt client requests on the fly and hijack supposedly confidential sessions with sensitive sites such as online banking, e-commerce and payment sites. The attack breaks the confidentiality model of the protocol and is the first known exploitation of a long-known flaw in TLS, potentially affecting the security of transactions on millions of sites.